Logstash收集Nginx日志

2019/01/15
Logstash收集Nginx日志 转载 已验证 做的elk搭建,不做e和k的了。直接搭建就行
主要做log的日志收集,发送的es。这个是整个交互的关键

基础环境配置

#安装
rpm -ivh logstash-5.6.5.rpm 

#配置软链
ln -s /etc/logstash /usr/share/logstash/config

#配置
vim /etc/logstash/logstash.yml 
path.config: /usr/share/logstash/config/conf.d     #修改path.config到这个目录


#启动
systemctl start logstash
systemctl status logstash
systemctl enable logstash

#软链启动命令
ln -s /usr/share/logstash/bin/logstash  /sbin  

将nginx日志转换为json格式

vim conf/nginx.conf   #修改为如下json日志格式
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"status":"$status"}';
access_log /var/log/nginx/access.log access_json;


//配置日志的config
input {
  file {
	path => "/var/log/nginx/access.log"
	start_position => "end"
	type => "nginx-accesslog"
	codec => json
  }
}


output {
  if [type] == "nginx-accesslog" {
	elasticsearch {
	  hosts => ["10.0.10.21:9200"]
	  index => "logstash-nginx-accesslog-1024-%{+YYYY.MM.dd}"
	}}
}

logstash -f /usr/share/logstash/config/conf.d/nginx.conf

个人随笔

安静的等待,你若盛开,蝴蝶自来

承接高质量 网站开发 app开发 如有需要请点击About联系

作者 @承鹏辉